Documentation Index
Fetch the complete documentation index at: https://rokad-89d31590.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Dhal
Dhal is an app-native WAF, bot-defense, policy-control, and request-security middleware for Node.js applications. It runs inside the application request path and provides deterministic controls such as IP allow/block lists, CIDR matching, rate limiting, route-aware policies, attack signatures, IP reputation checks, bot detection, credential-stuffing signals, honeypot canaries, webhooks, OpenTelemetry hooks, CI checks, false-positive replay, config presets, runtime safety controls, and AI-assisted autosetup.Naming
Dhal uses three different names intentionally:| Surface | Value |
|---|---|
| Product | Dhal |
| npm package | @rokadhq/dhal |
| CLI | dhal |
| Config file | dhal.json |
@rokadhq/dhal for install and imports. Use dhal only for the CLI command and dhal.json config file.
What Dhal is
Dhal protects the application request layer. It sees information that edge and network tools often do not: normalized route, tenant ID, API key ID, user ID, login failure outcomes, app-specific payload expectations, and route-specific policy.What Dhal is not
Dhal is not a replacement for Cloudflare, AWS WAF, nginx, Envoy, platform firewalls, or DDoS protection. It complements those layers by adding app-native policy and telemetry.v0.11 alpha-public posture
Dhal0.11.0-alpha.0 is built for public alpha usage. It includes runtime safety controls, health/preflight bypasses, privacy-first redaction, dhal doctor, dhal rules, and redacted dhal report output.
During alpha:
- pin exact versions;
- start in
monitormode; - move specific routes to
blockafter reviewing events; - use
dhal replayfor false-positive regression tests; - use
dhal reportwhen opening issues.
Next steps
- Start with Quickstart.
- Read Alpha public guidance.
- Configure runtime safety.
- Use production rollout before enforcement.